CVE-2024-46674 usb: dwc3: st: fix probed platform device ref count on probe error path

2024-09-1305:29:10

Linux

www.cve.org

linux kernel

vulnerability

fix

platform device

probe error

EPSS

Percentile

5.1%

JSON

In the Linux kernel, the following vulnerability has been resolved:

usb: dwc3: st: fix probed platform device ref count on probe error path

The probe function never performs any paltform device allocation, thus
error path “undo_platform_dev_alloc” is entirely bogus. It drops the
reference count from the platform device being probed. If error path is
triggered, this will lead to unbalanced device reference counts and
premature release of device resources, thus possible use-after-free when
releasing remaining devm-managed resources.

CNA Affected

[
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "unaffected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/dwc3/dwc3-st.c"
    ],
    "versions": [
      {
        "version": "f83fca0707c6",
        "lessThan": "b0979a885b9d",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "f3498650df08",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "6aee4c5635d8",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "060f41243ad7",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "4c6735299540",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "e1e5e8ea2731",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "1de989668708",
        "status": "affected",
        "versionType": "git"
      },
      {
        "version": "f83fca0707c6",
        "lessThan": "ddfcfeba8910",
        "status": "affected",
        "versionType": "git"
      }
    ]
  },
  {
    "product": "Linux",
    "vendor": "Linux",
    "defaultStatus": "affected",
    "repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
    "programFiles": [
      "drivers/usb/dwc3/dwc3-st.c"
    ],
    "versions": [
      {
        "version": "3.18",
        "status": "affected"
      },
      {
        "version": "0",
        "lessThan": "3.18",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "4.19.321",
        "lessThanOrEqual": "4.19.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.4.283",
        "lessThanOrEqual": "5.4.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.10.225",
        "lessThanOrEqual": "5.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "5.15.166",
        "lessThanOrEqual": "5.15.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.1.108",
        "lessThanOrEqual": "6.1.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.6.49",
        "lessThanOrEqual": "6.6.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.10.8",
        "lessThanOrEqual": "6.10.*",
        "status": "unaffected",
        "versionType": "custom"
      },
      {
        "version": "6.11",
        "lessThanOrEqual": "*",
        "status": "unaffected",
        "versionType": "original_commit_for_fix"
      }
    ]
  }
]